def xfp_from_xpub(xpub): # sometime we need to BIP32 fingerprint value: 4 bytes of ripemd(sha256(pubkey)) # UNTESTED kk = bfh(Xpub.get_pubkey_from_xpub(xpub, [])) assert len(kk) == 33 xfp, = unpack('<I', hash_160(kk)[0:4]) return xfp
def get_xpub(self, bip32_path, xtype): self.checkDevice() # bip32_path is of the form 44'/0'/1' # S-L-O-W - we don't handle the fingerprint directly, so compute # it manually from the previous node # This only happens once so it's bearable #self.get_client() # prompt for the PIN before displaying the dialog if necessary #self.handler.show_message("Computing master public key") if xtype in ['p2wpkh', 'p2wsh'] and not self.supports_native_segwit(): raise UserFacingException(MSG_NEEDS_FW_UPDATE_SEGWIT) if xtype in ['p2wpkh-p2sh', 'p2wsh-p2sh'] and not self.supports_segwit(): raise UserFacingException(MSG_NEEDS_FW_UPDATE_SEGWIT) bip32_path = bip32.normalize_bip32_derivation(bip32_path) bip32_intpath = bip32.convert_bip32_path_to_list_of_uint32(bip32_path) bip32_path = bip32_path[2:] # cut off "m/" if len(bip32_intpath) >= 1: prevPath = bip32.convert_bip32_intpath_to_strpath(bip32_intpath[:-1])[2:] nodeData = self.dongleObject.getWalletPublicKey(prevPath) publicKey = compress_public_key(nodeData['publicKey']) fingerprint_bytes = hash_160(publicKey)[0:4] childnum_bytes = bip32_intpath[-1].to_bytes(length=4, byteorder="big") else: fingerprint_bytes = bytes(4) childnum_bytes = bytes(4) nodeData = self.dongleObject.getWalletPublicKey(bip32_path) publicKey = compress_public_key(nodeData['publicKey']) depth = len(bip32_intpath) return BIP32Node(xtype=xtype, eckey=ecc.ECPubkey(bytes(publicKey)), chaincode=nodeData['chainCode'], depth=depth, fingerprint=fingerprint_bytes, child_number=childnum_bytes).to_xpub()
def build_psbt(self, tx: Transaction, wallet=None, xfp=None): # Render a PSBT file, for upload to Coldcard. # if xfp is None: # need fingerprint of MASTER xpub, not the derived key xfp = self.ckcc_xfp inputs = tx.inputs() if 'prev_tx' not in inputs[0]: # fetch info about inputs, if needed? # - needed during export PSBT flow, not normal online signing assert wallet, 'need wallet reference' wallet.add_hw_info(tx) # wallet.add_hw_info installs this attr assert tx.output_info is not None, 'need data about outputs' # Build map of pubkey needed as derivation from master, in PSBT binary format # 1) binary version of the common subpath for all keys # m/ => fingerprint LE32 # a/b/c => ints base_path = pack('<I', xfp) for x in self.get_derivation()[2:].split('/'): if x.endswith("'"): x = int(x[:-1]) | 0x80000000 else: x = int(x) base_path += pack('<I', x) # 2) all used keys in transaction subkeys = {} derivations = self.get_tx_derivations(tx) for xpubkey in derivations: pubkey = xpubkey_to_pubkey(xpubkey) # assuming depth two, non-harded: change + index aa, bb = derivations[xpubkey] assert 0 <= aa < 0x80000000 assert 0 <= bb < 0x80000000 subkeys[bfh(pubkey)] = base_path + pack('<II', aa, bb) for txin in inputs: if txin['type'] == 'coinbase': self.give_error("Coinbase not supported") if txin['type'] in ['p2sh', 'p2wsh-p2sh', 'p2wsh']: self.give_error('No support yet for inputs of type: ' + txin['type']) # Construct PSBT from start to finish. out_fd = io.BytesIO() out_fd.write(b'psbt\xff') def write_kv(ktype, val, key=b''): # serialize helper: write w/ size and key byte out_fd.write(my_var_int(1 + len(key))) out_fd.write(bytes([ktype]) + key) if isinstance(val, str): val = bfh(val) out_fd.write(my_var_int(len(val))) out_fd.write(val) # global section: just the unsigned txn class CustomTXSerialization(Transaction): @classmethod def input_script(cls, txin, estimate_size=False): return '' unsigned = bfh(CustomTXSerialization(tx.serialize()).serialize_to_network(witness=False)) write_kv(PSBT_GLOBAL_UNSIGNED_TX, unsigned) # end globals section out_fd.write(b'\x00') # inputs section for txin in inputs: utxo = txin['prev_tx'].outputs()[txin['prevout_n']] spendable = txin['prev_tx'].serialize_output(utxo) write_kv(PSBT_IN_WITNESS_UTXO, spendable) pubkeys, x_pubkeys = tx.get_sorted_pubkeys(txin) pubkeys = [bfh(k) for k in pubkeys] for k in pubkeys: write_kv(PSBT_IN_BIP32_DERIVATION, subkeys[k], k) if txin['type'] == 'p2wpkh-p2sh': assert len(pubkeys) == 1, 'can be only one redeem script per input' pa = hash_160(k) assert len(pa) == 20 write_kv(PSBT_IN_REDEEM_SCRIPT, b'\x00\x14'+pa) out_fd.write(b'\x00') # outputs section for o in tx.outputs(): # can be empty, but must be present, and helpful to show change inputs # wallet.add_hw_info() adds some data about change outputs into tx.output_info if o.address in tx.output_info: # this address "is_mine" but might not be change (I like to sent to myself) output_info = tx.output_info.get(o.address) index, xpubs = output_info.address_index, output_info.sorted_xpubs if index[0] == 1 and len(index) == 2: # it is a change output (based on our standard derivation path) assert len(xpubs) == 1 # not expecting multisig xpubkey = xpubs[0] # document its bip32 derivation in output section aa, bb = index assert 0 <= aa < 0x80000000 assert 0 <= bb < 0x80000000 deriv = base_path + pack('<II', aa, bb) pubkey = bfh(self.get_pubkey_from_xpub(xpubkey, index)) write_kv(PSBT_OUT_BIP32_DERIVATION, deriv, pubkey) if output_info.script_type == 'p2wpkh-p2sh': pa = hash_160(pubkey) assert len(pa) == 20 write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x14' + pa) out_fd.write(b'\x00') return out_fd.getvalue()
def build_psbt(self, tx: Transaction, wallet=None, xfp=None): # Render a PSBT file, for upload to Coldcard. # if xfp is None: # need fingerprint of MASTER xpub, not the derived key xfp = self.ckcc_xfp inputs = tx.inputs() if 'prev_tx' not in inputs[0]: # fetch info about inputs, if needed? # - needed during export PSBT flow, not normal online signing assert wallet, 'need wallet reference' wallet.add_hw_info(tx) # wallet.add_hw_info installs this attr assert tx.output_info is not None, 'need data about outputs' # Build map of pubkey needed as derivation from master, in PSBT binary format # 1) binary version of the common subpath for all keys # m/ => fingerprint LE32 # a/b/c => ints base_path = pack('<I', xfp) for x in self.get_derivation()[2:].split('/'): if x.endswith("'"): x = int(x[:-1]) | 0x80000000 else: x = int(x) base_path += pack('<I', x) # 2) all used keys in transaction subkeys = {} derivations = self.get_tx_derivations(tx) for xpubkey in derivations: pubkey = xpubkey_to_pubkey(xpubkey) # assuming depth two, non-harded: change + index aa, bb = derivations[xpubkey] assert 0 <= aa < 0x80000000 assert 0 <= bb < 0x80000000 subkeys[bfh(pubkey)] = base_path + pack('<II', aa, bb) for txin in inputs: if txin['type'] == 'coinbase': self.give_error("Coinbase not supported") if txin['type'] in ['p2sh', 'p2wsh-p2sh', 'p2wsh']: self.give_error('No support yet for inputs of type: ' + txin['type']) # Construct PSBT from start to finish. out_fd = io.BytesIO() out_fd.write(b'psbt\xff') def write_kv(ktype, val, key=b''): # serialize helper: write w/ size and key byte out_fd.write(my_var_int(1 + len(key))) out_fd.write(bytes([ktype]) + key) if isinstance(val, str): val = bfh(val) out_fd.write(my_var_int(len(val))) out_fd.write(val) # global section: just the unsigned txn class CustomTXSerialization(Transaction): @classmethod def input_script(cls, txin, estimate_size=False): return '' unsigned = bfh( CustomTXSerialization( tx.serialize()).serialize_to_network(witness=False)) write_kv(PSBT_GLOBAL_UNSIGNED_TX, unsigned) # end globals section out_fd.write(b'\x00') # inputs section for txin in inputs: if Transaction.is_segwit_input(txin): utxo = txin['prev_tx'].outputs()[txin['prevout_n']] spendable = txin['prev_tx'].serialize_output(utxo) write_kv(PSBT_IN_WITNESS_UTXO, spendable) else: write_kv(PSBT_IN_NON_WITNESS_UTXO, str(txin['prev_tx'])) pubkeys, x_pubkeys = tx.get_sorted_pubkeys(txin) pubkeys = [bfh(k) for k in pubkeys] for k in pubkeys: write_kv(PSBT_IN_BIP32_DERIVATION, subkeys[k], k) if txin['type'] == 'p2wpkh-p2sh': assert len( pubkeys ) == 1, 'can be only one redeem script per input' pa = hash_160(k) assert len(pa) == 20 write_kv(PSBT_IN_REDEEM_SCRIPT, b'\x00\x14' + pa) out_fd.write(b'\x00') # outputs section for o in tx.outputs(): # can be empty, but must be present, and helpful to show change inputs # wallet.add_hw_info() adds some data about change outputs into tx.output_info if o.address in tx.output_info: # this address "is_mine" but might not be change (I like to sent to myself) output_info = tx.output_info.get(o.address) index, xpubs = output_info.address_index, output_info.sorted_xpubs if index[0] == 1 and len(index) == 2: # it is a change output (based on our standard derivation path) assert len(xpubs) == 1 # not expecting multisig xpubkey = xpubs[0] # document its bip32 derivation in output section aa, bb = index assert 0 <= aa < 0x80000000 assert 0 <= bb < 0x80000000 deriv = base_path + pack('<II', aa, bb) pubkey = bfh(self.get_pubkey_from_xpub(xpubkey, index)) write_kv(PSBT_OUT_BIP32_DERIVATION, deriv, pubkey) if output_info.script_type == 'p2wpkh-p2sh': pa = hash_160(pubkey) assert len(pa) == 20 write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x14' + pa) out_fd.write(b'\x00') return out_fd.getvalue()
def build_psbt(tx: Transaction, wallet: Abstract_Wallet): # Render a PSBT file, for possible upload to Coldcard. # # TODO this should be part of Wallet object, or maybe Transaction? if getattr(tx, 'raw_psbt', False): _logger.info('PSBT cache hit') return tx.raw_psbt inputs = tx.inputs() if 'prev_tx' not in inputs[0]: # fetch info about inputs, if needed? # - needed during export PSBT flow, not normal online signing wallet.add_hw_info(tx) # wallet.add_hw_info installs this attr assert tx.output_info is not None, 'need data about outputs' # Build a map of all pubkeys needed as derivation from master XFP, in PSBT binary format # 1) binary version of the common subpath for all keys # m/ => fingerprint LE32 # a/b/c => ints # # 2) all used keys in transaction: # - for all inputs and outputs (when its change back) # - for all keystores, if multisig # subkeys = {} for ks in wallet.get_keystores(): # XFP + fixed prefix for this keystore ks_prefix = packed_xfp_path_for_keystore(ks) # all pubkeys needed for input signing for xpubkey, derivation in ks.get_tx_derivations(tx).items(): pubkey = xpubkey_to_pubkey(xpubkey) # assuming depth two, non-harded: change + index aa, bb = derivation assert 0 <= aa < 0x80000000 and 0 <= bb < 0x80000000 subkeys[bfh(pubkey)] = ks_prefix + pack('<II', aa, bb) # all keys related to change outputs for o in tx.outputs(): if o.address in tx.output_info: # this address "is_mine" but might not be change (if I send funds to myself) output_info = tx.output_info.get(o.address) if not output_info.is_change: continue chg_path = output_info.address_index assert chg_path[0] == 1 and len( chg_path) == 2, f"unexpected change path: {chg_path}" pubkey = ks.derive_pubkey(True, chg_path[1]) subkeys[bfh(pubkey)] = ks_prefix + pack('<II', *chg_path) for txin in inputs: assert txin['type'] != 'coinbase', _("Coinbase not supported") if txin['type'] in ['p2sh', 'p2wsh-p2sh', 'p2wsh']: assert type(wallet) is Multisig_Wallet # Construct PSBT from start to finish. out_fd = io.BytesIO() out_fd.write(b'psbt\xff') def write_kv(ktype, val, key=b''): # serialize helper: write w/ size and key byte out_fd.write(my_var_int(1 + len(key))) out_fd.write(bytes([ktype]) + key) if isinstance(val, str): val = bfh(val) out_fd.write(my_var_int(len(val))) out_fd.write(val) # global section: just the unsigned txn class CustomTXSerialization(Transaction): @classmethod def input_script(cls, txin, estimate_size=False): return '' unsigned = bfh( CustomTXSerialization( tx.serialize()).serialize_to_network(witness=False)) write_kv(PSBT_GLOBAL_UNSIGNED_TX, unsigned) if type(wallet) is Multisig_Wallet: # always put the xpubs into the PSBT, useful at least for checking for xp, ks in zip(wallet.get_master_public_keys(), wallet.get_keystores()): ks_prefix = packed_xfp_path_for_keystore(ks) write_kv(PSBT_GLOBAL_XPUB, ks_prefix, DecodeBase58Check(xp)) # end globals section out_fd.write(b'\x00') # inputs section for txin in inputs: if Transaction.is_segwit_input(txin): utxo = txin['prev_tx'].outputs()[txin['prevout_n']] spendable = txin['prev_tx'].serialize_output(utxo) write_kv(PSBT_IN_WITNESS_UTXO, spendable) else: write_kv(PSBT_IN_NON_WITNESS_UTXO, str(txin['prev_tx'])) pubkeys, x_pubkeys = tx.get_sorted_pubkeys(txin) pubkeys = [bfh(k) for k in pubkeys] if type(wallet) is Multisig_Wallet: # always need a redeem script for multisig scr = Transaction.get_preimage_script(txin) if Transaction.is_segwit_input(txin): # needed for both p2wsh-p2sh and p2wsh write_kv(PSBT_IN_WITNESS_SCRIPT, bfh(scr)) else: write_kv(PSBT_IN_REDEEM_SCRIPT, bfh(scr)) sigs = txin.get('signatures') for pk_pos, (pubkey, x_pubkey) in enumerate(zip(pubkeys, x_pubkeys)): if pubkey in subkeys: # faster? case ... calculated above write_kv(PSBT_IN_BIP32_DERIVATION, subkeys[pubkey], pubkey) else: # when an input is partly signed, tx.get_tx_derivations() # doesn't include that keystore's value and yet we need it # because we need to show a correct keypath... assert x_pubkey[0:2] == 'ff', x_pubkey for ks in wallet.get_keystores(): d = ks.get_pubkey_derivation(x_pubkey) if d is not None: ks_path = packed_xfp_path_for_keystore(ks, d) write_kv(PSBT_IN_BIP32_DERIVATION, ks_path, pubkey) break else: raise AssertionError("no keystore for: %s" % x_pubkey) if txin['type'] == 'p2wpkh-p2sh': assert len( pubkeys) == 1, 'can be only one redeem script per input' pa = hash_160(pubkey) assert len(pa) == 20 write_kv(PSBT_IN_REDEEM_SCRIPT, b'\x00\x14' + pa) # optional? insert (partial) signatures that we already have if sigs and sigs[pk_pos]: write_kv(PSBT_IN_PARTIAL_SIG, bfh(sigs[pk_pos]), pubkey) out_fd.write(b'\x00') # outputs section for o in tx.outputs(): # can be empty, but must be present, and helpful to show change inputs # wallet.add_hw_info() adds some data about change outputs into tx.output_info if o.address in tx.output_info: # this address "is_mine" but might not be change (if I send funds to myself) output_info = tx.output_info.get(o.address) if output_info.is_change: pubkeys = [bfh(i) for i in wallet.get_public_keys(o.address)] # Add redeem/witness script? if type(wallet) is Multisig_Wallet: # always need a redeem script for multisig cases scr = bfh( multisig_script([bh2u(i) for i in sorted(pubkeys)], wallet.m)) if output_info.script_type == 'p2wsh-p2sh': write_kv(PSBT_OUT_WITNESS_SCRIPT, scr) write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x20' + sha256(scr)) elif output_info.script_type == 'p2wsh': write_kv(PSBT_OUT_WITNESS_SCRIPT, scr) elif output_info.script_type == 'p2sh': write_kv(PSBT_OUT_REDEEM_SCRIPT, scr) else: raise ValueError(output_info.script_type) elif output_info.script_type == 'p2wpkh-p2sh': # need a redeem script when P2SH is used to wrap p2wpkh assert len(pubkeys) == 1 pa = hash_160(pubkeys[0]) write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x14' + pa) # Document change output's bip32 derivation(s) for pubkey in pubkeys: sk = subkeys[pubkey] write_kv(PSBT_OUT_BIP32_DERIVATION, sk, pubkey) out_fd.write(b'\x00') # capture for later use tx.raw_psbt = out_fd.getvalue() return tx.raw_psbt